5279 matches found
EulerOS 2.0 SP5 : golang (EulerOS-SA-2022-2710)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In filepath.Clean in path/filepath in Go before 1.17.11 and 1.18.x before 1.18.3 on Windows, invalid paths such as .\c: could be converted to...
Amazon Linux 2022 : golang, golang-bin, golang-misc (ALAS2022-2022-193)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-193 advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating chunked encoding. This issue could allow request smuggling, but only if combined with an...
RHEL 9 : lua (RHSA-2022:7329)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7329 advisory. The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently us...
Uncontrolled Recursion
Overview: grpc/grpc-swift is a Swift language implementation of gRPC. Affected versions of this package are vulnerable to Uncontrolled Recursion when parsing certain payloads. This can lead to a Denial-of-Service. Remediation: Upgrade grpc/grpc-swift to version 1.2.0 or higher. References: GitHub...
lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to uncontrolled recursion in error handling
A vulnerability was found in Lua. During error handling, the luaG_errormsg component uses slots from EXTRA_STACK. Some errors can recur, such as a string overflow while creating an error message in 'luaG_runerror', or a C-stack overflow before calling the message handler, causing a crash that leads t...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-2651)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request...
Stack overflow
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations e.g. for deleting a sub-tree of Xenstore nodes. With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored...
CVE-2022-42321
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations e.g. for deleting a sub-tree of Xenstore nodes. With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored...
SUSE-SU-2022:3830-1 Security update for php7
This update for php7 fixes the following issues: - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. bsc1203867 - CVE-2022-31629: Fixed a bug which could allow an attacker to set an insecure cookie that will be treated as secure in the...
CVE-2022-42321
CVE-2022-42321 : In Xen, the Xenstore component (xenstored) can crash due to stack exhaustion from recursive operations when deleting a sub-tree or handling deeply nested Xenstore structures. The vulnerability is triggered by sufficiently deep nesting levels and is exploitable locally (attack vec...
A vulnerability in the Decoder.Skip component of the Go programming language involves uncontrolled recursion, which allows an attacker to trigger a service failure.
The vulnerability of the Decoder.Skip component in the Go programming language is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
CVE-2022-29823
The feathers-sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with the privileges of the application...
AlmaLinux 8 : git-lfs (ALSA-2022:7129)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:7129 advisory. - In x/text in Go 1.15.4, an index out of range panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. x/text/language is supposed ...
Amazon Linux 2 : golang-github-kr-pty (ALAS-2022-1864)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1864 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...
Amazon Linux 2 : go-rpm-macros (ALAS-2022-1863)
The version of go-rpm-macros installed on the remote host is prior to 3.0.15-23. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1863 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this...
Amazon Linux 2 : golang-github-gorilla-context (ALAS-2022-1859)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1859 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...
A vulnerability in the Juniper GraphQL execution environment library, related to uncontrolled recursion, allows an attacker to cause a service failure.
The vulnerability of the Juniper GraphQL execution environment library is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Amazon Linux 2 : golang-github-syndtr-gocapability (ALAS-2022-1865)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1865 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...
Amazon Linux 2 : golang-github-gorilla-mux (ALAS-2022-1860)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1860 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...